<?php
require_once ('Zend/Controller/Plugin/Abstract.php');
/**
 * Controller plugin :
 * 		Thuc hien kiem tra cac request tu nguoi dung
 *		Kiem tra quyen cua nguoi dung truoc khi cho thuc hien yeu cau
 */

class Auth_Plugin_Controller extends Zend_Controller_Plugin_Abstract {

	 	
		private $_auth; //Bien authentication
    	
   	 	private $_noauth = array('module' => 'auth',
                             'controller' => 'login',
                            'action' => 'index');

 	  	private $_noacl = array('module' => 'auth',
                           'controller' => 'login',
                           'action' => 'erracl');
   
        private $_default = array('module' => 'default',
                           'controller' => 'index',
                           'action' => 'index');   
    
 	/**
 	 * Ham khoi tao 
 	 */  	
 	public function __construct($auth)
    {
        $this->_auth = $auth;
        //$this->_acl = $acl;
    }
	
    /**
     * Ham thuc hien kiem tra request cua nguoi dung
     */
	public function preDispatch($request)
	{
   	    $controller = $request->controller;		
		$action = $request->action;
		$module = $request->module;
		if($module=="default"){
			$request->setModuleName('default');
			$request->setControllerName($controller);
			$request->setActionName($action);          
		}
		$acl = new Zend_Acl();
        $roles = config::getSystemRoles();
		if ($request->getModuleName() == 'default') {
            // controller
            $auth_config = config::getModule('default');
            $auth_controller = split(',',$auth_config['controllers']);
            $auth_role = split(',',$roles);
            $auth_allow = split(',',$auth_config['allow']);
            $access_denined = $auth_config['gotourlandexit'];
            $auth_deny = "";
            
            foreach($auth_controller as $item){
                $acl->add(new Zend_Acl_Resource($item));	
            }
            foreach($auth_role as $item){
                $acl->addRole(new Zend_Acl_Role($item));                
            }
            foreach($auth_allow as $item){
                $acl->allow($item);
            }
            
            if($auth_config['deny'] != "")
            {
                $auth_deny = split(',',$auth_config['deny']);
                foreach($auth_deny as $item){
                    $deny = split(':',$item);
                    $acl->deny($deny[0],$deny[1]);
                }
            }
            
			$role = ($this->_auth->getIdentity() && $this->_auth->getIdentity()->STATUS = 'approved')? $this->_auth->getIdentity()->CODE : 'guest';
            
			$controller = $request->getControllerName();
			$action = $request->getActionName();
			//Zend_Layout::startMvc ( array ('layout' => 'view' ) );             
            
			if (!$acl->isAllowed($role, $controller, $action)) {
                if (!$this->_auth->hasIdentity()) {
                    $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
                    $redirector->gotoUrlAndExit($access_denined);
                }
			}
		}
        else{
            if($request->getModuleName() != "auth"){
                $auth_config = config::getModule($request->getModuleName());
                $isAuth = $auth_config['isauth'];
                if((int)$isAuth == 1){
                    if(!$this->_auth->getIdentity()){
                        $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
                        $redirector->gotoUrlAndExit('/auth/login/index');
                    }
                }
                $auth_controller = split(',',$auth_config['controllers']);
                $auth_role = split(',',$roles);
                $auth_allow = split(',',$auth_config['allow']);
                $access_denined = $auth_config['gotourlandexit'];
                $auth_deny = "";
                foreach($auth_controller as $item){
                $acl->add(new Zend_Acl_Resource($item));	
                }
                foreach($auth_role as $item){
                    $acl->addRole(new Zend_Acl_Role($item));                
                }
                foreach($auth_allow as $item){
                    $acl->allow($item);
                }
                
                if($auth_config['deny'] != "")
                {
                    $auth_deny = split(',',$auth_config['deny']);
                    foreach($auth_deny as $item){
                        $deny = split(':',$item);
                        $acl->deny($deny[0],$deny[1]);
                    }
                }
                
                $role = ($this->_auth->getIdentity() && $this->_auth->getIdentity()->STATUS = 'approved')? $this->_auth->getIdentity()->CODE : 'guest';
                //echo '<h1>'.$role.'</h1>';exit;
                $controller = $request->getControllerName();
                $action = $request->getActionName();                
                if (!$acl->isAllowed($role, $controller, $action)){
                    $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('Redirector');
                    $redirector->gotoUrlAndExit($access_denined);
                }
            }
        }
		
	}    
}